CN115001836B - System and method for realizing PLC (programmable logic controller) safety communication - Google Patents

System and method for realizing PLC (programmable logic controller) safety communication Download PDF

Info

Publication number
CN115001836B
CN115001836B CN202210682582.0A CN202210682582A CN115001836B CN 115001836 B CN115001836 B CN 115001836B CN 202210682582 A CN202210682582 A CN 202210682582A CN 115001836 B CN115001836 B CN 115001836B
Authority
CN
China
Prior art keywords
key
plc
box
data
algorithm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210682582.0A
Other languages
Chinese (zh)
Other versions
CN115001836A (en
Inventor
刘洋
张雅茹
张苏楠
付敏
周新洁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jinan vocational college
Original Assignee
Jinan vocational college
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jinan vocational college filed Critical Jinan vocational college
Priority to CN202210682582.0A priority Critical patent/CN115001836B/en
Publication of CN115001836A publication Critical patent/CN115001836A/en
Application granted granted Critical
Publication of CN115001836B publication Critical patent/CN115001836B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00Programme-control systems
    • G05B19/02Programme-control systems electric
    • G05B19/04Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/05Programmable logic controllers, e.g. simulating logic interconnections of signals according to ladder diagrams or function charts
    • G05B19/054Input/output
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0662Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Automation & Control Theory (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a system and a method for realizing PLC secure communication, wherein the system comprises a password service center and a PLC terminal. The autonomous control of the PLC communication stream cipher processing is realized by improving the ZUC algorithm; generating pseudo random numbers through Logistic chaotic mapping, optimizing nonlinearity, differential uniformity and avalanche degree of an S box formed by the pseudo random numbers based on an improved particle swarm algorithm, realizing double scrambling of the S box structure, and improving unpredictability of key word generation; the password service center efficiently updates the S box and issues the S box, the secret key K and the like to the PLC terminal based on the national encryption algorithm, so that the whole process encryption of communication is realized; the PLC terminal realizes ZUC key word advanced storage through a sub-thread preprocessing mode, the whole process does not occupy industrial control resources, and the real-time performance of industrial control is ensured; the receiving end PLC rapidly screens the key stream through the synchronous identifier and the key splitter and realizes ciphertext decryption, and self-synchronization of symmetric encryption and decryption is realized with high efficiency.

Description

System and method for realizing PLC (programmable logic controller) safety communication
Technical Field
The invention relates to the field of industrial information security, in particular to a system and a method for realizing PLC (programmable logic controller) secure communication.
Background
The communication process of the commercial programmable logic controller (Programmable Logic Controller, PLC) is generally exposed in a password-free environment, along with the increasing of the intelligent and networking levels in an industrial control system, the threat of information security holes is increased, and in order to improve the security level, a small part of PLC products integrate encryption algorithms such as AES, DES and the like, but the algorithms have security holes and cannot realize autonomous controllability.
The ZUC algorithm is an encryption and integrity algorithm which is autonomously designed by China and becomes one of international communication encryption standards, and the algorithm mechanism is very suitable for PLC communication. The S box is the only nonlinear component in the ZUC algorithm, the main function of the S box is to confuse plaintext, the safety intensity of the S box plays a decisive role on the safety of the whole algorithm, the S box is fixed and public in the application of the ZUC algorithm, the S box is unfavorable for preventing tracking attack, and the ZUC algorithm is used as a typical synchronous stream cipher algorithm, and the hidden trouble that communication is unstable and data packet loss causes asynchronous key words and ZUC finally decryption fails exists.
Disclosure of Invention
In view of the above, the present invention mainly solves the technical problems and overcomes the drawbacks and disadvantages of the prior art, and provides a system and a method for implementing PLC secure communication, which increase the communication security and simultaneously perform self-synchronization transformation on the communication security, so as to avoid the risk of subsequent data decryption failure caused by communication data loss.
The implementation method of the PLC safety communication is characterized by comprising the following steps:
a1: the S box generator constructs an S box based on Logistic chaotic mapping and an improved particle swarm algorithm, the key generator randomly generates a key K, and the key counter records the number m of the key K, wherein the improved particle swarm algorithm formula is as follows:
in the above, C 1 Is a self-cognition factor; rand1 () is [0,1]Random numbers within a range; p (P) i (t) is the optimal position encountered by particle i during the search from start to time t; x is X i (t) is the position of the particle i at time t; the position being X i An elemental arrangement of (t); p (P) i (t)-X i (t) is particle X i (t) to P i A hamming distance of (t); c (C) 1 rand1()(P i (t)-X i (t)) is a self-learning speed set at time t, the speed set means X i (t) exchanging a set of items Q (x, y) during the change, wherein x is a target item, x, y are permutation numbers instead of real numbers, C 1 rand1()(P i (t)-X i (t)) is rounded to an integer z, and X is randomly chosen i All sums P in (t) i (t) exchanging z values in different terms to cause X i Correspondence of (t)Items and P i (t) is the same;
C 2 is a social cognition factor; rand2 () is [0,1]Random numbers within a range; g (t) is the optimal position encountered in the searching process from the beginning to the moment t of all particles; x is X i (t) is the position of the particle i at time t; g (t) -X i (t) is particle X i (t) a hamming distance to G (t); c (C) 2 rand2()(G(t)-X i (t)) is a social learning speed set, and if the social learning speed set and the self-learning speed set have the same target item, the exchange item of the social learning speed is used as the exchange item of the self-learning speed;
V max is the upper limit of the speed set; v (V) i (t+1) is the set of speeds that the particle i should update at time t+1; x is X i (t+1) is the position where the particle i should be updated at time t+1;
a2: the national encryption module encrypts the S box, the secret key K and the secret key number m based on SM2 or SM4 and sends the encrypted S box, the secret key K and the secret key number m to the PLC terminal;
a3: the PLC sending module performs ZUC encryption and data sending;
a4: and the PLC receiving module receives data and decrypts ZUC.
The S box generator constructs an S box based on Logistic chaotic mapping and an improved particle swarm algorithm, and the S box comprises the following steps:
b1: 256 elements are generated based on Logistic mapping as a chaotic model, and the Logistic model is x n+1 = x n* μ * (1-x n ),x∈[0,1], μ∈[3.5699456,4]Randomly selecting x in the value range 0 Mu, calculating x-sequence { x } from the model 0 、x 1 ... x 255 };
B2: expanding elements in the x sequence by 100 times and performing rounding operation: { X n }=[x n *100]The positive integer { X }, to be obtained n The set code is [ X ] 0 X 1 X 2 ... X 255 ]In the form of particles;
b3: constructing fitness function by balancing the nonlinearity N of S-boxes s Differential uniformity delta s Degree of avalanche B s Construction function f(s) =a s f s (N s )+a d f ds )+a B f B (B s ) Herein define f s (N s )=N s ,f ds )=δ s ,f B (B s )=B s ,a s 、a d 、a B The larger f (S) is, the better the S box comprehensive performance is, and the complete form of the fitness function is as follows:
f(s)= (1-1)
b4: construction of improved particle swarm algorithm:
(1-2)
b5: optimizing the S box based on an improved particle swarm algorithm;
the step B5 comprises the following steps:
b51: parameter setting is carried out, including setting a population scale M; setting self-cognition factor C 1 =0.3; setting social cognition factor C 2 =0.3; setting the maximum iteration number N max The method comprises the steps of carrying out a first treatment on the surface of the Setting an ideal value f(s) of the fitness function g The method comprises the steps of carrying out a first treatment on the surface of the Randomly selecting M solutions in a solution space as initial positions X of particle swarms i (0),i∈[1,M]The method comprises the steps of carrying out a first treatment on the surface of the Setting maximum speed V of particle swarm max
And B52: initializing an optimal solution, and setting an optimal position P of each particle at the moment 0 i (0)=X i (0) Finding the global optimum position G (0) =argmax { f (P) 1 (0))...f(P i (0))...f(P M (0) A number of iterations t=0);
and B53: iterative optimization, performing iterative calculation of particle swarm by using a formula 1-2 to obtain a speed set V of the particle i at the time t+1 i (t+1) and position X i (t+1);
Calculating the position X of particle i using equation 1-1 i Fitness value f (X) of (t+1) i (t+1));
Updating the locally optimal position through which particle i passes using equation 2-1:
(2-1)
updating the global optimum positions through which all particles pass using equation 2-2:
G(t+1)=argmax{f(P 1 (t+1))...f(P i (t+1))...f(P M (t+1))} (2-2)
the number of iterations t=t+1;
b54: repeating the above process to complete the calculation of all M particles at time T, when the iteration times T reach N max Or when the ideal result of the fitness function is obtained, the iteration is ended, and the final positive integer { X } n The arrangement is the ideal S box structure.
The cryptographic module encrypts and transmits the S box, the key K and the key number m based on SM2 or SM4 to the PLC terminal, and comprises the following steps:
c1: after a new key K is generated, a key counter performs counting operation to obtain a key code m, a service center and a PLC construct an asymmetric or symmetric encryption channel through an SM2 or SM4 algorithm, and the service center sends the encrypted S box, the encrypted key K and the encrypted key code m to a PLC terminal;
c2: the PLC terminal decrypts the SM2 or SM4 algorithm through the national encryption module, the obtained S box and the secret key K are sent to the variable S box ZUC algorithm, and the secret key code m is sent to the synchronous identification counter;
and C3: the fixed S box of the variable S box ZUC algorithm is replaced by a variable S box issued by a service center;
and C4: and the service center periodically updates and transmits a new S box, a key K and a key code m according to the key consumption condition of the PLC terminal.
The method for performing ZUC encryption and data transmission by the PLC transmission module comprises the following steps:
d1: the PLC establishes a sub-thread, the sub-thread generates a key word by using a key K and a ZUC algorithm and stores the key word in a buffer area, an encryption round generated by each key is customized by a user, and the key word generated by each encryption round is 32 bits and is determined by the characteristics of the ZUC algorithm. In order to ensure industrial control real-time performance, the generation and storage of key words always lead the key numbers in use, for example, the communication is using the key words generated for m based on the key code to encrypt and decrypt, and then the sub-thread at least needs to complete the generation and storage of all key words before the key code is m+10;
d2: obtaining a key stream in a buffer area and a binary plaintext to perform bitwise exclusive OR to generate a ciphertext stream;
d3: the synchronous identification counter records a key number m which is being used in the encryption process, an encryption round n based on the key by a ZUC algorithm, and a key word number p generated by the ZUC algorithm based on the encryption round;
d4: the synchronous data generator combines the ciphertext stream c with the synchronous identifications m, n, p to form a data stream d, i.e. d=c|m|n|p;
d5: and the PLC sending module completes data encapsulation and sends the data to other PLC receiving modules.
The PLC receiving module performs data receiving and ZUC decryption, and comprises the following steps:
e1: the data separator divides ciphertext data and synchronous identification data, the ciphertext data c are all released, and the synchronous identification data m < n > p is sent to the key stream sorter;
e2: in order to avoid subsequent data decryption failure caused by partial data stream loss at the transmitting end, the key stream sorter releases the key stream in the buffer zone according to the serial number of the synchronous identification data extracted by the data separator;
e3: the exclusive-or unit performs bit exclusive-or on the ciphertext and the key stream to generate a plaintext stream.
The system of the invention consists of a password service center and a PLC terminal.
The password service center consists of an S box generator, a key counter and a national password module.
The PLC terminal consists of a national encryption module, a variable S box ZUC algorithm, a buffer area, a sending module and a receiving module, wherein the sending module consists of a synchronous identification counter, a synchronous data generator and an exclusive OR unit; the receiving module consists of a data separator, a key stream sorter and an exclusive or unit; all PLC terminals integrate a sending module and a receiving module, can realize two-way communication, and the two modules share a national cipher module, a variable S box ZUC algorithm and a buffer zone.
The invention has the advantages and beneficial effects that: according to the invention, the PLC communication is encrypted and decrypted through the improved ZUC algorithm, so that the autonomous and controllable processing of the PLC communication stream cipher is realized; the pseudo random number is simply and efficiently generated through Logistic chaotic mapping, and the S box formed by the pseudo random number is optimized based on the improved particle swarm algorithm, so that double scrambling of the S box construction process is realized, and the unpredictability of key word generation is improved; the password service center efficiently updates the S box and issues the S box, the secret key K and the like to each PLC terminal based on a national encryption algorithm, so that the whole process encryption of communication is realized; the PLC terminal realizes ZUC key word advanced storage through a sub-thread preprocessing mode, the whole process does not occupy industrial control resources, and the real-time performance of industrial control is ensured; the receiving end PLC rapidly screens the key stream through the synchronous identifier and the key splitter and realizes ciphertext decryption, and self-synchronization of symmetric encryption and decryption is realized with high efficiency.
Drawings
FIG. 1 is a system architecture diagram of the present invention;
FIG. 2 is a flow chart of iterative optimization of the present invention;
FIG. 3 is a diagram of a variable S-box ZUC architecture of the present invention;
fig. 4 is a diagram showing a synchronous identification storage structure of the present invention.
Detailed Description
The invention is further explained below with reference to the examples of the drawings:
the embodiment of the invention provides a system and a method for realizing PLC secure communication, wherein the system architecture is shown in figure 1, and the system consists of a password service center and a PLC terminal.
The password service center consists of an S box generator, a key counter and a national password module.
The PLC terminal consists of a national encryption module, a variable S box ZUC algorithm, a buffer area, a sending module and a receiving module, wherein the sending module consists of a synchronous identification counter, a synchronous data generator and an exclusive OR unit; the receiving module consists of a data separator, a key stream sorter and an exclusive or unit; all PLC terminals integrate a sending module and a receiving module, can realize two-way communication, and the two modules share a national cipher module, a variable S box ZUC algorithm and a buffer zone.
The implementation method of the PLC safety communication is characterized by comprising the following steps:
a1: the S box generator constructs an S box based on Logistic chaotic mapping and an improved particle swarm algorithm, the key generator randomly generates a key K, and the key counter records the number m of the key K;
a2: the national encryption module encrypts the S box, the secret key K and the secret key number m based on SM2 or SM4 and sends the encrypted S box, the secret key K and the secret key number m to the PLC terminal;
a3: the PLC sending module performs ZUC encryption and data sending;
a4: and the PLC receiving module receives data and decrypts ZUC.
1. The method for constructing the S box based on the Logistic chaotic map and the improved particle swarm algorithm by the S box generator comprises the following steps:
b1: 256 elements are generated based on Logistic mapping as a chaotic model, and the Logistic model is x n+1 = x n* μ * (1-x n ),x∈[0,1], μ∈[3.5699456,4]Randomly selecting x in the value range 0 Mu, calculating x-sequence { x } from the model 0 、x 1 ... x 255 };
B2: expanding elements in the x sequence by 100 times and performing rounding operation: { X n }=[x n *100]The positive integer { X }, to be obtained n The set code is [ X ] 0 X 1 X 2 ... X 255 ]In the form of particles;
b3: constructing fitness function by balancing the nonlinearity N of S-boxes s Differential uniformity delta s Degree of avalanche B s Construction function f(s) =a s f s (N s )+a d f ds )+a B f B (B s ) Herein define f s (N s )=N s ,f ds )= δ s ,f B (B s )=B s ,a s 、a d 、a B The larger f (S) is, the better the S box comprehensive performance is, and the complete form of the fitness function is as follows:
f(s)= (1-1)
b4: construction of improved particle swarm algorithm:
(1-2)
in the above, C 1 Is a self-cognition factor; rand1 () is [0,1]Random numbers within a range; p (P) i (t) is the optimal position encountered by particle i during the search from start to time t; x is X i (t) is the position of the particle i at time t; the position being X i An elemental arrangement of (t); p (P) i (t)-X i (t) is particle X i (t) to P i A hamming distance of (t); c (C) 1 rand1()(P i (t)-X i (t)) is a self-learning speed set at time t, the speed set means X i (t) exchanging a set of items Q (x, y) during the change, wherein x is a target item, x, y are permutation numbers instead of real numbers, C 1 rand1()(P i (t)-X i (t)) is rounded to an integer z, and X is randomly chosen i All sums P in (t) i (t) exchanging z values in different terms to cause X i The corresponding term of (t) and P i (t) is the same, e.g. X i (t)="1 2 3 4",P i (t)="3 4 2 1",X i (t) all 4 items sum to P i (t) if z=2 is calculated, then X is randomly chosen i Exchanging two items of (t) to obtain sum P i (t) the same corresponding value, such as selecting items 1 and 3 as target items, then the exchange item of "1 2 3 4" to "3 2 1 4" is Q (1, 3), the exchange item of "3 2 1 4" to "3 1 2 4" is Q (3, 2), and thus the speed set of the whole transformation process of "1 2 3 4" to "3 1 2 4" is { Q (1, 3), Q (3, 2) };
C 2 is a social cognition factor; rand2 () is [0,1]Random numbers within a range; g (t) is the time from the beginning to the tStopping the optimal position encountered in the searching process; x is X i (t) is the position of the particle i at time t; g (t) -X i (t) is particle X i (t) a hamming distance to G (t); c (C) 2 rand2()(G(t)-X i (t)) is a social learning speed set, and if the social learning speed set and the self-learning speed set have the same target item, the exchange item of the social learning speed is used as the exchange item of the self-learning speed;
V max is the upper limit of the speed set; v (V) i (t+1) is the set of speeds that the particle i should update at time t+1; x is X i (t+1) is the position where the particle i should be updated at time t+1;
b5: the process of optimizing the S-box based on the improved particle swarm algorithm is shown in fig. 2, and the steps are as follows:
b51: parameter setting is carried out, including setting a population scale M; setting self-cognition factor C 1 =0.3; setting social cognition factor C 2 =0.3; setting the maximum iteration number N max The method comprises the steps of carrying out a first treatment on the surface of the Setting an ideal value f(s) of the fitness function g The method comprises the steps of carrying out a first treatment on the surface of the Randomly selecting M solutions in a solution space as initial positions X of particle swarms i (0),i∈[1,M]The method comprises the steps of carrying out a first treatment on the surface of the Setting maximum speed V of particle swarm max
And B52: initializing an optimal solution, and setting an optimal position P of each particle at the moment 0 i (0)=X i (0) Finding the global optimum position G (0) =argmax { f (P) 1 (0))...f(P i (0))...f(P M (0) A number of iterations t=0);
and B53: iterative optimization, performing iterative calculation of particle swarm by using a formula 1-2 to obtain a speed set V of the particle i at the time t+1 i (t+1) and position X i (t+1);
Calculating the position X of particle i using equation 1-1 i Fitness value f (X) of (t+1) i (t+1));
Updating the locally optimal position through which particle i passes using equation 2-1:
(2-1)
updating the global optimum positions through which all particles pass using equation 2-2:
G(t+1)=argmax{f(P 1 (t+1))...f(P i (t+1))...f(P M (t+1))} (2-2)
the number of iterations t=t+1.
The process of optimizing the S-box is discussed below by way of one example:
a group of particles with a group M, and at time t, the position (i.e. element arrangement) of the ith particle is X i (t) = "1 2 3 4 56 7 8", provided that the local optimum position searched by the time of the particle i to t is P i (t) = "1 52 4 6 3 8 7", and at the same time, the global optimum position searched by all particles until time t is G (t) = "1 4 256 3 8 7", X i (t) to P i Hamming distance d of (t) 1 (t)=6,X i Hamming distance d from (t) to G (t) 2 (t)=7;
Calculating a self-learning speed set: if rand1 () =0.9, then C 1 *rand1()*d 1 (t) =1.62, and rounding 1.62 to 2, i.e. from X i Randomly selecting certain two bits from the 2 nd, 3 rd, 5 th to 8 th bits in (t) to be matched with P i The corresponding bits in (t) are the same if X is selected randomly i Bit 2 (value 2) and bit 7 (value 7) of (t) are changed to P i The 2 nd (value 5) and 7 th (value 8) bits of (t) require the following operations: "1 2 3 4 56 7 8" ->Q(2,3)->"1 3 2 4 5 6 7 8"->Q(7,8)->"1 32 4 56 8 7", whereby the set of velocities of the self-learning process is { Q (2, 3), Q (7, 8) };
calculating a social learning speed set: if rand2 () =0.8, then C 2 *rand2()*d 2 (t) =1.68, rounding 1.68 to 2, i.e. from X i Randomly selecting two bits from the 2 nd to 8 th bits of the different items in (t) to be identical to the corresponding bits in G (t), if randomly selecting X i In (t), the 2 nd bit (value 2) and the 3 rd bit (value 3) are changed into the 2 nd bit (value 4) and the 3 rd bit (value 2) in G (t), and then the following operation is needed:
"1 2 3 4 56 7 8" - > Q (2, 4) - > "1 4 32 56 7 8" - > Q (3, 4) - > "1 4 2 3 56 7 8", whereby the set of speeds of the social learning process is { Q (2, 4), Q (3, 4) };
it is obvious that Q (2, 3) in the self-learning speed set and Q (2, 4) in the social learning speed set have the same target position 2, so that the integrated speed set is V based on the transformation term in the social learning speed set i (t+1) = { Q (7, 8), Q (2, 4), Q (3, 4) }, through the integration process X i (t+1)= X i (t)+ V i (t+1) = "1 4 2 3 56 8 7", where X is i (t+1) to P i (t) Hamming distance of 4, X i The Hamming distance from (t+1) to G (t) is 3, the two Hamming distances are significantly reduced, the particle i moves to a more excellent position, X i The (t+1) position is subjected to fitness calculation by using the formula 1-1, and updating of the individual local optimum and updating of the global optimum of the particle swarm are performed based on the formulas 2-1 and 2-2.
B54: repeating the above process to complete calculation of all M particles at t time, when the iteration number reaches N max Or has obtained the fitness function ideal result f(s) g At the end of the iteration, a positive integer { X } is output n Arranged to form an S-box.
2. The method for the service center to issue the S box, the secret key K and the secret key code m comprises the following steps:
c1: after a new key K is generated, a key counter performs counting operation to obtain a key code m, a service center and a PLC construct an asymmetric or symmetric encryption channel through an SM2 or SM4 algorithm, and the service center sends the encrypted S box, the encrypted key K and the encrypted key code m to a PLC terminal;
c2: the PLC terminal decrypts the SM2 or SM4 algorithm through the national encryption module, the obtained S box and the secret key K are sent to the variable S box ZUC algorithm, and the secret key code m is sent to the synchronous identification counter;
and C3: the fixed S box of the variable S box ZUC algorithm is replaced by the variable S box S issued by the service center flexible (L 1 ) And S is flexible (L 2 ) At this time, the ZUC algorithm architecture, the secret key K and the secret key code m of each PLC terminal device in the system are the same;
and C4: and the service center periodically updates and transmits a new S box, a key K and a key code m according to the key consumption condition of the PLC terminal.
3. The PLC sending module performs ZUC encryption and data sending:
d1: the PLC establishes a sub-thread, the sub-thread generates a key word by using a key K and the ZUC algorithm of FIG. 3 and stores the key word in a buffer, the storage structure of the buffer is shown in FIG. 4, the encryption round generated by each key is customized by a user, and the key word generated by each encryption round is 32 bits and is determined by the characteristics of the ZUC algorithm. In order to ensure industrial control real-time performance, the generation and storage of key words always lead the key numbers in use, for example, the communication is using the key words generated for m based on the key code to encrypt and decrypt, and then the sub-thread at least needs to complete the generation and storage of all key words before the key code is m+10;
d2: obtaining a key stream in a buffer area and a binary plaintext to perform bitwise exclusive OR to generate a ciphertext stream;
d3: the synchronous identification counter records a key number m which is being used in the encryption process, an encryption round n based on the key by a ZUC algorithm, and a key word number p generated by the ZUC algorithm based on the encryption round;
d4: the synchronous data generator combines the ciphertext stream c with the synchronous identifications m, n, p to form a data stream d, i.e. d=c|m|n|p;
d5: and the PLC sending module completes data encapsulation and sends the data to other PLC receiving modules.
4. The PLC receiving module receives data and decrypts ZUC:
e1: the data separator divides ciphertext data and synchronous identification data, the ciphertext data c are all released, and the synchronous identification data m < n > p is sent to the key stream sorter;
e2: in order to avoid subsequent data decryption failure caused by partial data stream loss at the transmitting end, the key stream sorter releases the key stream in the buffer zone according to the serial number of the synchronous identification data extracted by the data separator;
e3: the exclusive-or unit performs bit exclusive-or on the ciphertext and the key stream to generate a plaintext stream.

Claims (6)

1. A method for realizing PLC safety communication is characterized in that:
a1: the S box generator constructs an S box based on Logistic chaotic mapping and an improved particle swarm algorithm, the key generator randomly generates a key K, and the key counter records the number m of the key K, wherein the improved particle swarm algorithm formula is as follows:
in the above, C 1 Is a self-cognition factor; rand1 () is [0,1]Random numbers within a range; p (P) i (t) is the optimal position encountered by particle i during the search from start to time t; x is X i (t) is the position of the particle i at time t; the position being X i An elemental arrangement of (t); p (P) i (t)-X i (t) is particle X i (t) to P i A hamming distance of (t); c (C) 1 rand1()(P i (t)-X i (t)) is a self-learning speed set at time t, the speed set means X i (t) exchanging a set of items Q (x, y) during the change, wherein x is a target item, x, y are permutation numbers instead of real numbers, C 1 rand1()(P i (t)-X i (t)) is rounded to an integer z, and X is randomly chosen i All sums P in (t) i (t) exchanging z values in different terms to cause X i The corresponding term of (t) and P i (t) is the same;
C 2 is a social cognition factor; rand2 () is [0,1]Random numbers within a range; g (t) is the optimal position encountered in the searching process from the beginning to the moment t of all particles; x is X i (t) is the position of the particle i at time t; g (t) -X i (t) is particle X i (t) a hamming distance to G (t); c (C) 2 rand2()(G(t)-X i (t)) is a social learning speed set, and if the social learning speed set and the self-learning speed set have the same target item, the exchange item of the social learning speed is used as the exchange item of the self-learning speed;
V max is the upper limit of the speed set; v (V) i (t+1) is the set of speeds that particle i should update at time t+1;X i (t+1) is the position where the particle i should be updated at time t+1;
a2: the national encryption module encrypts the S box, the secret key K and the secret key number m based on SM2 or SM4 and sends the encrypted S box, the secret key K and the secret key number m to the PLC terminal;
a3: the PLC sending module performs ZUC encryption and data sending;
a4: and the PLC receiving module receives data and decrypts ZUC.
2. The method for implementing PLC secure communications according to claim 1, wherein the S-box generator constructs the S-box based on Logistic chaotic mapping and improved particle swarm algorithm, comprising the steps of:
b1: 256 elements are generated based on Logistic mapping as a chaotic model, and the Logistic model is x n+1 = x n* μ * (1-x n ),x∈[0,1], μ∈[3.5699456,4]Randomly selecting x in the value range 0 Mu, calculating x-sequence { x } from the model 0 、x 1 ... x 255 };
B2: expanding elements in the x sequence by 100 times and performing rounding operation: { X n }=[x n *100]The positive integer { X }, to be obtained n The set code is [ X ] 0 X 1 X 2 ... X 255 ]In the form of particles;
b3: constructing fitness function by balancing the nonlinearity N of S-boxes s Differential uniformity delta s Degree of avalanche B s Construction function f(s) =a s f s (N s )+a d f ds )+a B f B (B s ) Herein define f s (N s )=N s ,f ds )=δ s ,f B (B s )=B s ,a s 、a d 、a B The larger f (S) is, the better the S box comprehensive performance is, and the complete form of the fitness function is as follows:
f(s)= (1-1)
b4: construction of improved particle swarm algorithm:
(1-2)
b5: optimizing the S box based on an improved particle swarm algorithm;
the step B5 comprises the following steps:
b51: parameter setting is carried out, including setting a population scale M; setting self-cognition factor C 1 =0.3; setting social cognition factor C 2 =0.3; setting the maximum iteration number N max The method comprises the steps of carrying out a first treatment on the surface of the Setting an ideal value f(s) of the fitness function g The method comprises the steps of carrying out a first treatment on the surface of the Randomly selecting M solutions in a solution space as initial positions X of particle swarms i (0),i∈[1,M]The method comprises the steps of carrying out a first treatment on the surface of the Setting maximum speed V of particle swarm max
And B52: initializing an optimal solution, and setting an optimal position P of each particle at the moment 0 i (0)=X i (0) Finding the global optimum position G (0) =argmax { f (P) 1 (0))...f(P i (0))...f(P M (0) A number of iterations t=0);
and B53: iterative optimization, performing iterative calculation of particle swarm by using a formula 1-2 to obtain a speed set V of the particle i at the time t+1 i (t+1) and position X i (t+1);
Calculating the position X of particle i using equation 1-1 i Fitness value f (X) of (t+1) i (t+1));
Updating the locally optimal position through which particle i passes using equation 2-1:
(2-1)
updating the global optimum positions through which all particles pass using equation 2-2:
G(t+1)=argmax{f(P 1 (t+1))...f(P i (t+1))...f(P M (t+1))} (2-2)
the number of iterations t=t+1;
b54: repeating the above process to complete calculation of all M particles at t time, and repeating the above steps for the number of iterationsT reaches N max Or when the ideal result of the fitness function is obtained, the iteration is ended, and the final positive integer { X } n The arrangement is the ideal S box structure.
3. The method for implementing PLC secure communication according to claim 1, wherein the cryptographic module encrypts the S box, the key K and the key number m based on SM2 or SM4 and transmits the encrypted data to the PLC terminal comprises the steps of:
c1: after a new key K is generated, a key counter performs counting operation to obtain a key code m, a service center and a PLC construct an asymmetric or symmetric encryption channel through an SM2 or SM4 algorithm, and the service center sends the encrypted S box, the encrypted key K and the encrypted key code m to a PLC terminal;
c2: the PLC terminal decrypts the SM2 or SM4 algorithm through the national encryption module, the obtained S box and the secret key K are sent to the variable S box ZUC algorithm, and the secret key code m is sent to the synchronous identification counter;
and C3: the fixed S box of the variable S box ZUC algorithm is replaced by a variable S box issued by a service center;
and C4: and the service center periodically updates and transmits a new S box, a key K and a key code m according to the key consumption condition of the PLC terminal.
4. The method for implementing PLC secure communication according to claim 1, wherein the step of performing ZUC encryption and data transmission by the PLC transmission module comprises the steps of:
d1: the PLC establishes a sub-thread, the sub-thread generates key words by using a key K and a ZUC algorithm and stores the key words in a buffer area, the encryption round generated by each key is customized by a user, the key words generated by each encryption round are 32 bits, and the key words are determined by the characteristics of the ZUC algorithm, so that the generation and the storage of the key words always lead the key numbers in use for ensuring industrial control instantaneity;
d2: obtaining a key stream in a buffer area and a binary plaintext to perform bitwise exclusive OR to generate a ciphertext stream;
d3: the synchronous identification counter records a key number m which is being used in the encryption process, an encryption round n based on the key by a ZUC algorithm, and a key word number p generated by the ZUC algorithm based on the encryption round;
d4: the synchronous data generator combines the ciphertext stream c with the synchronous identifications m, n, p to form a data stream d, i.e. d=c|m|n|p;
d5: and the PLC sending module completes data encapsulation and sends the data to other PLC receiving modules.
5. The method for implementing PLC secure communication according to claim 1, wherein the PLC receiving module performs data reception and ZUC decryption, comprising the steps of:
e1: the data separator divides ciphertext data and synchronous identification data, the ciphertext data c are all released, and the synchronous identification data m < n > p is sent to the key stream sorter;
e2: in order to avoid subsequent data decryption failure caused by partial data stream loss at the transmitting end, the key stream sorter releases the key stream in the buffer zone according to the serial number of the synchronous identification data extracted by the data separator;
e3: the exclusive-or unit performs bit exclusive-or on the ciphertext and the key stream to generate a plaintext stream.
6. A system for realizing PLC secure communication for realizing the method according to any one of claims 1 to 5, characterized in that the system is composed of a cryptographic service center and a PLC terminal;
the password service center consists of an S box generator, a key counter and a national password module;
the PLC terminal consists of a national encryption module, a variable S box ZUC algorithm, a buffer area, a sending module and a receiving module, wherein the sending module consists of a synchronous identification counter, a synchronous data generator and an exclusive OR unit; the receiving module consists of a data separator, a key stream sorter and an exclusive or unit; all PLC terminals integrate a sending module and a receiving module, can realize two-way communication, and the two modules share a national cipher module, a variable S box ZUC algorithm and a buffer zone.
CN202210682582.0A 2022-06-16 2022-06-16 System and method for realizing PLC (programmable logic controller) safety communication Active CN115001836B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210682582.0A CN115001836B (en) 2022-06-16 2022-06-16 System and method for realizing PLC (programmable logic controller) safety communication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210682582.0A CN115001836B (en) 2022-06-16 2022-06-16 System and method for realizing PLC (programmable logic controller) safety communication

Publications (2)

Publication Number Publication Date
CN115001836A CN115001836A (en) 2022-09-02
CN115001836B true CN115001836B (en) 2023-11-17

Family

ID=83034321

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210682582.0A Active CN115001836B (en) 2022-06-16 2022-06-16 System and method for realizing PLC (programmable logic controller) safety communication

Country Status (1)

Country Link
CN (1) CN115001836B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109508175A (en) * 2018-11-14 2019-03-22 重庆邮电大学 The FPGA design of pseudorandom number generator based on fractional order chaos and Zu Chongzhi's algorithm
CN112367155A (en) * 2020-10-13 2021-02-12 黑龙江大学 FPGA-based ZUC encryption system IP core construction method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150215114A1 (en) * 2014-01-29 2015-07-30 Mohammad A. Alahmad Method for generating a secure cryptographic hash function

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109508175A (en) * 2018-11-14 2019-03-22 重庆邮电大学 The FPGA design of pseudorandom number generator based on fractional order chaos and Zu Chongzhi's algorithm
CN112367155A (en) * 2020-10-13 2021-02-12 黑龙江大学 FPGA-based ZUC encryption system IP core construction method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
一种基于混沌系统的ZUC动态S盒构造及应用方案;韩妍妍;何彦茹;刘培鹤;张铎;王志强;何文才;;计算机研究与发展(10);全文 *
基于椭圆曲线密码体制和AES的混合加密技术研究;刘恒壮;中国优秀硕士学位论文全文数据库 工程科技Ⅰ辑(第2019年第09期期);全文 *

Also Published As

Publication number Publication date
CN115001836A (en) 2022-09-02

Similar Documents

Publication Publication Date Title
CN106663387A (en) Encryption/decryption function generating method, an encryption/decryption method and related apparatuses
CN106533656B (en) A kind of key multilayer mixing method for encryption/decryption based on WSN
CN110798311B (en) IP encryption method for realizing one-time pad based on quantum true random number matrix
Panda Data security in wireless sensor networks via AES algorithm
CN100594691C (en) Data transmission encryption method of MANET network
Al-Arjan et al. Intelligent security in the era of AI: The key vulnerability of RC4 algorithm
Zirem et al. Efficient lightweight chaotic secure communication system for WSNs and IoT
CN115001836B (en) System and method for realizing PLC (programmable logic controller) safety communication
CN107070629A (en) A kind of template attack method exported for SM4 cryptographic algorithms wheel
Mandal et al. An adaptive genetic key based neural encryption for online wireless communication (AGKNE)
Pandey et al. Particle swarm optimization in cryptanalysis of DES
Ratan Applications of genetic algorithms in cryptology
Mandal et al. An adaptive neural network guided random block length based cryptosystem for online wireless communication (ANNRBLC)
Shahzad et al. Cryptanalysis of four-rounded DES using binary particleswarm optimization
Reyes et al. Permutation parity machines for neural cryptography
Reddy et al. An efficient data transmission approach using IAES-BE
Ghazli et al. Evolutionary approach to secure mobile telecommunication networks
Grozov et al. Construction of a cryptographically secure pseudorandom sequence generator based on the blender algorithm
Kun et al. An improved AES algorithm based on chaos
Chang et al. Research on forgery attack on authentication encryption algorithm ACE
Kassim et al. DMAV: Enhanced MAV Link Protocol Using Dynamic DNA Coding for Unmanned Aerial Vehicles.
Rangarajan et al. Crypto Analysis with Modified Diffie–Hellman Key Exchange based Sensor Node Security Improvement in Wireless Sensor Networks
US11436517B2 (en) Quantum-tunneling-enabled device case
He et al. The application of chaotic encryption in industrial control based on zigbee wireless network
CN114465733B (en) Secure network coding method based on improved RSA

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant